Project Information #1066
In Progress Project Information #1064: 2025-PenTest
Domain Admin Vulnerable to Kerberoasting Attack
100%
Description
NN
4.3.2
MITRE-T1558

Domain Admin Vulnerable to Kerberoasting Attack
It is possible to obtain the encrypted Kerberos service ticket of a domain admin for offline password cracking.

Exposure of the encrypted service ticket allows an adversary to recover the exact password and use it for user impersonation or, in this case, privilege escalation.
Notably, the affected domain admin has a never-expiring password that has remained unchanged for more than 2 years. This gives an adversary ample time to crack the password offline.

Avoid assigning SPNs to Domain Admin accounts unless absolutely necessary.
Set long and complex passwords for service accounts and limit the privileges of service accounts. If possible, use AES encryption instead of RC4 encryption.
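
The recommendation above can be checked against an export of account attributes. The following is an added example, not part of the original finding: it audits records holding the LDAP attributes servicePrincipalName, memberOf, userAccountControl, pwdLastSet and msDS-SupportedEncryptionTypes. The account names, the example.test domain, the one-year age threshold and the handling of an unset encryption-type value are assumptions, and only direct Domain Admins membership is checked (nested groups are not resolved).

```python
from datetime import datetime, timedelta, timezone

DONT_EXPIRE_PASSWORD = 0x10000              # userAccountControl flag
RC4_HMAC, AES128, AES256 = 0x4, 0x8, 0x10   # msDS-SupportedEncryptionTypes bits
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
MAX_PASSWORD_AGE = timedelta(days=365)      # assumed threshold, set to local policy

def filetime_to_dt(ft):
    """pwdLastSet counts 100 ns intervals since 1601-01-01 UTC."""
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)

def dt_to_filetime(dt):
    return int((dt - FILETIME_EPOCH).total_seconds()) * 10_000_000

def audit_account(acct, now):
    """Weaknesses that make an SPN-bearing account a Kerberoasting risk."""
    if not acct.get("servicePrincipalName"):
        return []   # no SPN: there is no service ticket to request for this account
    issues = []
    if any(dn.upper().startswith("CN=DOMAIN ADMINS,") for dn in acct.get("memberOf", [])):
        issues.append("direct member of Domain Admins")
    if acct.get("userAccountControl", 0) & DONT_EXPIRE_PASSWORD:
        issues.append("password never expires")
    if now - filetime_to_dt(acct["pwdLastSet"]) > MAX_PASSWORD_AGE:
        issues.append("password older than threshold")
    enc = acct.get("msDS-SupportedEncryptionTypes", 0)
    # Assumption: unset/0 falls back to domain defaults, which may still permit RC4.
    if enc == 0 or enc & RC4_HMAC or not enc & (AES128 | AES256):
        issues.append("RC4 not excluded")
    return issues

def audit(accounts, now):
    results = {a["sAMAccountName"]: audit_account(a, now) for a in accounts}
    return {name: issues for name, issues in results.items() if issues}

NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)   # fixed so the sample is reproducible
D = "CN=Domain Admins,CN=Users,DC=example,DC=test"
SAMPLE = [  # constructed records, not data from the assessment
    {"sAMAccountName": "svc-backup-adm", "servicePrincipalName": ["MSSQLSvc/db01.example.test:1433"],
     "memberOf": [D], "userAccountControl": 0x10200,
     "pwdLastSet": dt_to_filetime(datetime(2022, 11, 15, tzinfo=timezone.utc))},
    {"sAMAccountName": "svc-web", "servicePrincipalName": ["HTTP/web01.example.test"],
     "memberOf": [], "userAccountControl": 0x200, "msDS-SupportedEncryptionTypes": 0x18,
     "pwdLastSet": dt_to_filetime(datetime(2025, 3, 1, tzinfo=timezone.utc))},
    {"sAMAccountName": "alice-adm", "memberOf": [D], "userAccountControl": 0x200,
     "pwdLastSet": dt_to_filetime(datetime(2025, 5, 1, tzinfo=timezone.utc))},
]

if __name__ == "__main__":
    for name, issues in audit(SAMPLE, NOW).items():
        print(name, "->", "; ".join(issues))
```

An account that combines all four findings matches the condition this finding describes; a service account with an SPN, AES-only encryption types and a recent password is not reported.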

